Semalt botnet hijacked nearly 300k computers
Posted on 03.09.2014
The “Semalt” botnet is quickly spreading across the Internet, Incapsula researchers warn.

The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware-infected machines that continually spam millions of websites in a large-scale referrer spam campaign.

The goal of referrer spam is to create backlinks to a specific URL by abusing publicly-available access logs.

Semalt - and other offenders that engage in this kind of practice - use script bots that ignore the robots exclusion standard (the site's robots.txt file that gives instructions to web crawlers) and spam the server with requests.


"The process is fairly straightforward. The bots access hundreds of thousands of websites in bulk, sending out requests with a synthetically-generated 'Referrer' header. Each of these headers contains the website URL the perpetrators are trying to boost," researcher Ofer Gayer explained.

"All such requests are automatically recorded in access logs, creating an HTML referrer link. These links are then crawled by search engines, while accessing these publicly-available HTML resources."

This artificially improves search engine rankings of the company's customers, which in time "can cause long-term SEO damage to websites, ranging from demotion in search engine result pages (SERP) to complete SERP blacklisting and removal."

To do all of this, the company uses a botnet, created by malware hidden in a utility called “Soundfrost,” that includes machines on over 290,000 different IP addresses around the world. Nearly 60 percent of those machines are located in Brazil.

The Semalt bot is an effective beast, as it bypasses common bot detection and filtering methods, and the botnet allows it to circumvent IP blacklisting and rate-limiting protection.

With all this in mind, Incapsula has begun blocking Semalt bots by default for all of its accounts, and hopes others will follow its lead.
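
One way to surface this kind of referrer spam in a server's own access log, added here as an example (it is not Incapsula's code and not part of the original article): because the botnet spreads its requests over many IP addresses, the check groups requests by Referer host rather than by client IP. The log lines, hostnames, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: client IP ... "request" status size "referer" "user agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"')

# Constructed sample log; IPs and hostnames are documentation placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Sep/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://seo-spam.example/crawler.php?u=http://www.example.org" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2014:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "http://seo-spam.example/crawler.php?u=http://www.example.org" "Mozilla/5.0"
203.0.113.44 - - [03/Sep/2014:10:00:05 +0000] "GET /about HTTP/1.1" 200 2048 "http://SEO-spam.example/" "Mozilla/5.0"
203.0.113.45 - - [03/Sep/2014:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "http://seo-spam.example/" "Mozilla/5.0"
192.0.2.99 - - [03/Sep/2014:10:01:00 +0000] "GET /post/1 HTTP/1.1" 200 9000 "https://blog.example.net/links" "Mozilla/5.0"
192.0.2.99 - - [03/Sep/2014:10:01:01 +0000] "GET /style.css HTTP/1.1" 200 700 "https://www.example.org/post/1" "Mozilla/5.0"
198.51.100.20 - - [03/Sep/2014:10:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

def referer_host(value):
    """Lowercased host of a Referer header value, or None if absent or malformed."""
    if value in ("", "-"):
        return None
    try:
        return urlsplit(value).hostname or None  # .hostname is already lowercased
    except ValueError:
        return None

def find_referrer_spam(lines, trusted_hosts, min_ips=3, max_hits_per_ip=2):
    """Return {referer_host: distinct_ip_count} for untrusted referers that many
    different IPs send while each IP stays under a per-IP rate limit."""
    per_host = defaultdict(lambda: defaultdict(int))  # host -> ip -> request count
    for line in lines:
        m = LINE_RE.match(line)
        host = referer_host(m.group("ref")) if m else None
        if host is None or host in trusted_hosts:
            continue
        per_host[host][m.group("ip")] += 1
    return {host: len(ips) for host, ips in per_host.items()
            if len(ips) >= min_ips and max(ips.values()) <= max_hits_per_ip}

if __name__ == "__main__":
    for host, n in find_referrer_spam(SAMPLE_LOG, {"www.example.org"}).items():
        print(f"{host}: referer sent by {n} distinct IPs")
```

Flagged hosts are candidates for review before blocking; the site's own hostname and known legitimate referrers such as search engines belong in `trusted_hosts`.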

COPYRIGHT 1998-2014 BY HELP NET SECURITY.